﻿// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System.Collections.Generic;

namespace NuGet.Services.Entities
{
    /// <summary>
    /// Represents a vulnerability that a set of packages has.
    /// </summary>
    public class PackageVulnerability : IEntity
    {
        public PackageVulnerability()
        {
            AffectedRanges = new HashSet<VulnerablePackageVersionRange>();
        }

        public int Key { get; set; }

        /// <summary>
        /// The database key from GitHub.
        /// </summary>
        /// <remarks>
        /// Currently, all vulnerabilities are ingested from a feed on GitHub, where this key is unique and required.
        /// In the future, however, if we begin ingesting from another feed, we should make this field nullable, 
        /// add another field for a unique key on that feed, and then make a single unique index across the two.
        /// </remarks>
        public int GitHubDatabaseKey { get; set; }

        /// <summary>
        /// A URL with more metadata about security advisory linked to this vulnerability.
        /// 
        /// Required.
        /// </summary>
        public string AdvisoryUrl { get; set; }

        public PackageVulnerabilitySeverity Severity { get; set; }

        public ICollection<VulnerablePackageVersionRange> AffectedRanges { get; set; }
    }
}